Date: Fri, 27 Feb 2004 06:27:19 -0600 From: "Jacques A. Vidrine" <nectar@FreeBSD.org> To: Andrey Chernov <ache@nagual.pp.ru>, D J Hawkey Jr <hawkeyd@visi.com>, kientzle@acm.org, das@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: Environment Poisoning and login -p Message-ID: <20040227122718.GA46119@madman.celabo.org> In-Reply-To: <20040227112658.GA36271@nagual.pp.ru> References: <403CEF67.5040004@kientzle.com> <20040226225149.GB73252@nagual.pp.ru> <403E7B4D.8030803@kientzle.com> <20040227111353.GA14777@sheol.localdomain> <20040227112658.GA36271@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Feb 27, 2004 at 02:27:00PM +0300, Andrey Chernov wrote: > On Fri, Feb 27, 2004 at 05:13:53AM -0600, D J Hawkey Jr wrote: > > > Instead, I've decided to follow Jacques Vidrine's > > > suggestion of using a whitelist of environment variables > > > that are "known-safe." > > > > Coming in from left field... Will there be some sort of mechanism for > > an admin to set/modify this list? > > I agree we'll need it (because of different assumptions). Something like > /etc/safe_environment file. Whoa, Let's not complicate things unnecessarily. Cheers, -- Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040227122718.GA46119>